From owner-freebsd-questions@FreeBSD.ORG Wed Jun 18 04:17:03 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E714E37B401 for ; Wed, 18 Jun 2003 04:17:03 -0700 (PDT) Received: from mail.darq.net (phear.darq.net [213.253.1.14]) by mx1.FreeBSD.org (Postfix) with SMTP id 4F3D743F75 for ; Wed, 18 Jun 2003 04:17:02 -0700 (PDT) (envelope-from loz@darq.net) Received: (qmail 29012 invoked by uid 1013); 18 Jun 2003 11:17:03 -0000 Date: Wed, 18 Jun 2003 12:17:03 +0100 From: Loz To: Jaime Message-ID: <20030618111702.GB26199@bosh.org> References: <200306172227.h5HMRnN4014581@peedub.jennejohn.org> <20030617194247.C99305@malkav.snowmoon.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030617194247.C99305@malkav.snowmoon.com> User-Agent: Mutt/1.4i cc: freebsd-questions@freebsd.org Subject: Re: ping: sendto: No buffer space available X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jun 2003 11:17:04 -0000 * Jaime [2003-06-18 00:49]: > The clues to a crack are evident, too. A process "/usr/sbin/nscd" > is running on the box according to top and ps, but the file does not > exist. Further more, I never told such a process to execute. Shortly > after a reboot, a netstat command showed a connection to 37303 on a remote > host. I was the only person logged in and I did not initiate that > connection. Sounds familiar - a friend had a Linux box cracked over the weekend... apparently russian script kiddies using a php gallery exploit. Sorry I don't have any more details, but I do know that in his case at least nothing else was compromised. He found all the answers he needed on Google. good luck, /loz.